Aggregator

“创业不息、摇滚不止”，为所有安全创业者们加油鼓劲！

Необычный конкурс от создателя Linux.

中国互联网联合辟谣平台对2024年12月网络谣言进行了梳理分析。网上数据监测和网民举报显示，当月网络谣言主要集中在伪造公共政策等方面，对社会秩序和群众权益造成负面影响。相关部门及时发布权威辟谣信息，依法惩处造谣传谣者，着力维护网络空间清朗。

一图读懂关于促进数据标注产业高质量发展的实施意见。

我们必须抢抓人工智能发展的重大战略机遇，构筑我国人工智能发展的先发优势，以创新发展人工智能加快形成新质生产力，服务经济社会发展和支撑国家安全，有力推动中国式现代化建设。

1月9日，在北京召开的中国网络空间安全协会人工智能安全治理专业委员会工作年会上，中文互联网基础语料2.0、中文互联网语料资源平台正式向社会发布。

1月10日，全国数据工作会议在京召开。会议以习近平新时代中国特色社会主义思想为指导，全面贯彻落实党的二十大和二十届二中、三中全会精神，按照全国发展和改革工作会议部署，总结2024年工作，安排部署2025年重点任务。

近日，国家发展改革委、国家数据局、财政部、人力资源社会保障部联合印发《关于促进数据标注产业高质量发展的实施意见》。

点击文章，了解最前沿的国际网安资讯！

A vulnerability classified as critical has been found in Imagination Technologies Graphics DDK up to 24.2 RTM2. This affects an unknown part of the component GPU Firmware. The manipulation leads to use of out-of-range pointer offset. This vulnerability is uniquely identified as CVE-2024-52938. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

The cyber world’s been buzzing this week, and it’s all about staying ahead of the bad guys. From sneaky software bugs to advanced hacking tricks, the risks are real, but so are the ways to protect yourself. In this recap, we’ll break down what’s happening, why it matters, and what you can do to stay secure. Let’s turn awareness into action and keep one step ahead

The cyber world’s been buzzing this week, and it’s all about staying ahead of the bad guys. From

Microsoft Takes Legal Action Against AI “Hacking as a Service” SchemeNot sure this will ma

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-12686 BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability
• CVE-2023-48365 Qlik Sense HTTP Tunneling Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Today, CISA—along with U.S. and international partners—released joint guidance Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products. As part of CISA’s Secure by Demand series, this guidance focuses on helping customers identify manufacturers dedicated to continuous improvement and achieving a better cost balance, as well as how Operational Technology (OT) owners and operators should integrate secure by design elements into their procurement process.

Critical infrastructure and industrial control systems are prime targets for cyberattacks. The authoring agencies warn that threat actors, when compromising OT components, target specific OT products rather than specific organizations. Many OT products are not designed and developed with Secure by Design principles and often have easily exploited weaknesses. When procuring products, OT owners and operators should select products from manufacturers who prioritize security elements identified in this guidance.

For more information on questions to consider during procurement discussions, see CISA’s Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem. To learn more about secure by design principles and practices, visit Secure by Design.

A new WEF report highlighted growing disparities in the cyber capabilities of different types of organizations and regions

A vulnerability was found in Event Monster Plugin up to 1.4.3 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Visitors List Export. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-11396. The attack may be launched remotely. There is no exploit available.

In 2024, ransomware attacks targeting VMware ESXi servers reached alarming levels, with the average ransom demand skyrocketing to $5 million. With approximately 8,000 ESXi hosts exposed directly to the internet (according to Shodan), the operational and business impact of these attacks is profound. Most of the Ransomware strands that are attacking ESXi servers nowadays, are variants of the

Threat Detection / Network SecurityIn 2024, ransomware attacks targeting VMware ESXi servers reach